| CVE-2025-8216 | Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets | wowdevs | Sky Addons – Elementor Addons with Widgets & Templates | Medium | 6.4 | 2025-07-29 09:23:45 | Deep Dive |
| CVE-2025-4566 | Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-07-29 04:23:46 | Deep Dive |
| CVE-2025-3075 | Elementor <= 3.29.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | elemntor | Elementor Website Builder – more than just a page builder | Medium | 6.4 | 2025-07-29 04:23:45 | Deep Dive |
| CVE-2025-3614 | ElementsKit Elementor Addons and Templates <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Widget | roxnor | ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | Medium | 6.4 | 2025-07-24 22:23:37 | Deep Dive |
| CVE-2025-7644 | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery <= 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | bdthemes | Pixel Gallery Addons for Elementor – Easy Grid, Creative Gallery, Drag and Drop Grid, Custom Grid Layout, Portfolio Gallery | Medium | 6.4 | 2025-07-22 04:25:08 | Deep Dive |
| CVE-2025-7697 | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.1.1 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:03 | Deep Dive |
| CVE-2025-7696 | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms <= 1.2.3 - Unauthenticated PHP Object Injection via verify_field_val Function | crmperks | Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms | Critical | 9.8 | 2025-07-19 04:23:02 | Deep Dive |
| CVE-2025-48295 | WordPress Easy Elementor Addons plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability | hashthemes | Easy Elementor Addons | Medium | 6.5 | 2025-07-16 10:36:54 | Deep Dive |
| CVE-2025-54050 | WordPress Responsive Addons for Elementor plugin <= 1.7.3 - Cross Site Scripting (XSS) Vulnerability | CyberChimps | Responsive Addons for Elementor | Medium | 6.5 | 2025-07-16 10:36:52 | Deep Dive |
| CVE-2025-54037 | WordPress News Kit Elementor Addons plugin <= 1.3.4 - Broken Access Control Vulnerability | blazethemes | News Kit Elementor Addons | Medium | 5.4 | 2025-07-16 10:36:49 | Deep Dive |
| CVE-2025-54033 | WordPress Theme Builder For Elementor plugin <= 1.2.3 - Cross Site Request Forgery (CSRF) Vulnerability | BlocksWP | Theme Builder For Elementor | Medium | 6.5 | 2025-07-16 10:36:47 | Deep Dive |
| CVE-2025-53989 | WordPress JetBlocks For Elementor plugin <= 1.3.19 - Cross Site Scripting (XSS) Vulnerability | Crocoblock | JetBlocks For Elementor | Medium | 6.5 | 2025-07-16 10:36:37 | Deep Dive |
| CVE-2025-53982 | WordPress JetElements For Elementor plugin <= 2.7.7 - Cross Site Scripting (XSS) Vulnerability | Crocoblock | JetElements For Elementor | Medium | 6.5 | 2025-07-16 10:36:10 | Deep Dive |
| CVE-2025-5284 | Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.2 - Authenticated (Contributor+) Stored Cross-Site Scripting | litonice13 | Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | Medium | 6.4 | 2025-07-16 09:22:56 | Deep Dive |
| CVE-2025-7340 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Upload | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.8 | 2025-07-15 04:23:42 | Deep Dive |
| CVE-2025-7360 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Directory Traversal to Arbitrary File Move | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.1 | 2025-07-15 04:23:42 | Deep Dive |
| CVE-2025-7341 | HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. <= 2.2.1 - Unauthenticated Arbitrary File Deletion | htplugins | HT Contact Form – Drag & Drop Form Builder for WordPress | Critical | 9.1 | 2025-07-15 04:23:41 | Deep Dive |
| CVE-2025-6244 | Essential Addons for Elementor – Popular Elementor Templates and Widgets <= 6.1.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Calendar` And `Business Reviews` Widgets | wpdevteam | Essential Addons for Elementor – Popular Elementor Templates & Widgets | Medium | 6.4 | 2025-07-08 01:43:47 | Deep Dive |
| CVE-2024-11937 | Premium Addons for Elementor <= 4.10.69 - Authenticated (Contributor+) Stored Cross-Site Scripting | leap13 | Premium Addons for Elementor – Powerful Elementor Templates & Widgets | Medium | 6.4 | 2025-07-04 07:22:18 | Deep Dive |
| CVE-2025-7046 | Portfolio for Elementor & Image Gallery | PowerFolio <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS | dotrex | PowerFolio – Portfolio & Image Gallery for Elementor | Medium | 6.4 | 2025-07-04 01:44:01 | Deep Dive |